<!DOCTYPE html>
<html>
<title>Test frame-ancestor</title>
<meta name="timeout" content="long">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="resources/utils.js"></script>
<script src="/common/utils.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<body>
<script>
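/**
 * Attaches a fenced frame whose inner page is told to embed `embed_url`, then
 * asserts whether the nested iframe reported "loaded" or was recorded as
 * "blocked".
 *
 * @param {string} embed_url - URL forwarded to the fenced frame's inner page
 *     for its nested iframe.
 * @param {boolean} cross_origin_to_top_level_fenced_frame - When true, the
 *     fenced frame URL is rewritten with getRemoteOriginURL().
 * @param {boolean} cross_origin_to_top_level_iframe - Forwarded unchanged to
 *     the inner page; presumably selects the nested iframe's origin (confirm
 *     in resources/ancestor-throttle-inner.https.html).
 * @param {string} expected_result - Value expected from the server for this
 *     run: "loaded" or "blocked".
 * @returns {Promise<void>} Settles once the result has been compared.
 */
async function runTest(embed_url,
    cross_origin_to_top_level_fenced_frame, cross_origin_to_top_level_iframe,
    expected_result) {
  // Per-run key so results from different subtests cannot be confused.
  const ancestor_key = token();

  // Generate the url for the top level fenced frame, including the information
  // needed to pass on to its nested iframe.
  let fenced_frame_url = generateURL(
      "resources/ancestor-throttle-inner.https.html",
      [ancestor_key, embed_url, cross_origin_to_top_level_iframe], true);
  if (cross_origin_to_top_level_fenced_frame) {
    fenced_frame_url = getRemoteOriginURL(fenced_frame_url, true);
  }

  const fenced_frame_config = await generateURNFromFledgeRawURL(
      fenced_frame_url, [], true);

  attachFencedFrame(fenced_frame_config);

  // There is no API to observe whether the document in the FencedFrame loaded
  // or not. Instead, set up a timeout. If the document loads, "loaded" will be
  // sent to the server. Otherwise "blocked" will be sent after 3 seconds.
  //
  // NOTE(review): "blocked" therefore only means that nothing reported
  // "loaded" within 3 seconds. A mistyped resource path or a slow load gives
  // the same value, so a passing "blocked" expectation is not by itself proof
  // that the frame-ancestors / X-Frame-Options check was enforced. The
  // "loaded" subtests with the same resources are what confirm the paths work.
  step_timeout(() => {
    writeValueToServer(ancestor_key, "blocked");
  }, 3000);

  // Get the result for the fenced frame's nested iframe.
  const fenced_frame_result = await nextValueFromServer(ancestor_key);
  assert_equals(fenced_frame_result, expected_result,
      `The inner iframe was ${expected_result}.`);
}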
// CSP frame-ancestors case: the fenced frame is moved to the remote origin
// (second argument true) and the innermost CSP-protected document is reached
// through the nested helper page. The expected outcome is "blocked".
promise_test(async () => {
  const embed_url = "fenced-frame/resources/" +
      "ancestor-throttle-nested.https.html?" +
      "nested_url=ancestor-throttle-iframe-csp.https.html";
  return runTest(embed_url, true, false, "blocked");
}, "root(origin1)->fenced(origin2)->iframe(origin1) should honor " +
   "CSP frame-ancestors headers up until the fenced frame root");
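// X-Frame-Options SAMEORIGIN case: the fenced frame is moved to the remote
// origin (second argument true) and the innermost document is reached through
// the nested helper page. The expected outcome is "blocked".
//
// The original call passed ancestor-throttle-iframe-csp.https.html here, which
// made this subtest a byte-for-byte repeat of the CSP one and left the nested
// XFO path unexercised. It now points at the XFO resource that the
// "loaded" XFO subtest in this file already uses.
promise_test(async () => {
  const embed_url = "fenced-frame/resources/" +
      "ancestor-throttle-nested.https.html?" +
      "nested_url=ancestor-throttle-iframe-xfo.https.html";
  return runTest(embed_url, true, false, "blocked");
}, "root(origin1)->fenced(origin2)->iframe(origin1) should honor " +
   "XFO SAMEORIGIN headers up until the fenced frame root");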
// CSP frame-ancestors case with both cross-origin flags set to true: the
// CSP-protected document is embedded directly and is expected to load.
promise_test(async () => {
  const embed_url = "fenced-frame/resources/" +
      "ancestor-throttle-iframe-csp.https.html";
  return runTest(embed_url, true, true, "loaded");
}, "root(origin1)->fenced(origin2)->iframe(origin2) should honor " +
   "CSP frame-ancestors headers up until the fenced frame root");
// X-Frame-Options SAMEORIGIN case with both cross-origin flags set to true:
// the XFO-protected document is embedded directly and is expected to load.
promise_test(async () => {
  const embed_url = "fenced-frame/resources/" +
      "ancestor-throttle-iframe-xfo.https.html";
  return runTest(embed_url, true, true, "loaded");
}, "root(origin1)->fenced(origin2)->iframe(origin2) should honor " +
   "XFO SAMEORIGIN headers up until the fenced frame root");
// CSP frame-ancestors case: the fenced frame keeps the top-level origin
// (second argument false), the cross-origin flag for the iframe is true, and
// the CSP-protected document is reached through the nested helper page. The
// expected outcome is "blocked".
promise_test(async () => {
  const embed_url = "fenced-frame/resources/" +
      "ancestor-throttle-nested.https.html?" +
      "nested_url=ancestor-throttle-iframe-csp.https.html";
  return runTest(embed_url, false, true, "blocked");
}, "root(origin1)->fenced(origin1)->iframe(origin2)->iframe(origin2) should " +
   "honor CSP frame-ancestors headers up until the fenced frame root");
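// X-Frame-Options SAMEORIGIN case: the fenced frame keeps the top-level origin
// (second argument false), the cross-origin flag for the iframe is true, and
// the innermost document is reached through the nested helper page. The
// expected outcome is "blocked".
//
// The original call passed ancestor-throttle-iframe-csp.https.html here, so
// the subtest repeated the CSP one and never loaded an XFO-protected document.
// It now points at the XFO resource that the "loaded" XFO subtest in this
// file already uses.
promise_test(async () => {
  const embed_url = "fenced-frame/resources/" +
      "ancestor-throttle-nested.https.html?" +
      "nested_url=ancestor-throttle-iframe-xfo.https.html";
  return runTest(embed_url, false, true, "blocked");
}, "root(origin1)->fenced(origin1)->iframe(origin2)->iframe(origin2) should " +
   "honor XFO SAMEORIGIN headers up until the fenced frame root");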
</script>
</body>
</html>